If you really have NO idea at all

[andre_roesti]

Hello all,

This is my first Post here. If its not allowed to post Things like this, please let me know and i'll delete it. Thank you.

When there's something like this in the code:

Code: Select all

if(x == moo)

The Browser has to know the value of 'moo'. So, if you really have no Idea at all how to solve a Mission, you can always enter the following in your addressbar to get the Answer:

Code: Select all

javascript:alert(moo);

Greetings from Switzerland
André

[Goatboy]

This is not always the case. What if moo is the result of a complex encryption function?

[andre_roesti]

But to compare the two values, the Browser has to know the value of 'moo'?! Otherwise it couldn't say you if it's right or not.

Or did i forget something?

Greetings from Switzerland
André

[r-ID]

you are forgetting something, you can get any value at any time, but... your input might be encoded or any other way manipulated and only then compared, even hash function could be used, but your goal might be correct input.

[Goatboy]

If it's entirely in JavaScript (which means all on the client's side) then yes, it is technically possible (although it might be difficult due to encoding) to glean any info you want that is contained within that script. But since this is extremely vulnerable, most "sensitive" values will be stored on the server and compared there.

[andre_roesti]

Yes, of course i spoke about the case when everything is client-side.

Very nice forum here! Thank you all for the fast answers.

Greetings from Switzerland